(May 1, 2023) The emergence of automated cyberattacks presents IT security organizations with extraordinary challenges. In one experiment, researchers set up a honeypot — a server for a fake online financial firm — and exposed usernames and passwords in a dark web market. A single automated bot needed only 15 seconds to break in, scan the network, collect credentials, siphon off data and create new user accounts so attackers could gain access later.
Additionally, automated ransomware delivery kits designed for attacking thousands of random IP addresses and targets are available on the dark web for only about $200. Subscription-based Ransomware-as-a-Service (RaaS) offerings cost about $50 a month.
Adding more security tools isn’t the answer to countering these types of attacks. The typical organization already deploys nearly 50 different security solutions that generate thousands of security alerts every day. The manual effort required to track, investigate and resolve all these alerts is more than most security teams can reasonably be expected to handle.
Instead, organizations must incorporate artificial intelligence (AI) and machine learning (ML) into their cybersecurity frameworks. By automating repetitive tasks and minimizing human intervention, AI and ML capabilities help security teams keep pace with escalating attacks.
A New Playbook
One way to incorporate automation is with Security Orchestration, Automation, and Response (SOAR), which creates a framework for automating workflows and orchestrating multiple security technologies using software connectors. What’s more, this unified framework can ingest and correlate vast amounts of threat intelligence from the network, subscription services, and other sources in order to “learn” the difference between normal and suspicious activity.
A key to this strategy is the use of gathered intelligence to create “adversary playbooks” that document the behaviors and methodologies used in cyberattacks. Once information about an attack’s unique tactics, techniques, and procedures (TTPs) is fed into AI-powered systems, they can detect patterns and interrupt attacks by anticipating and shutting down the next step in the attack sequence.
Over time, ML-trained systems will become increasingly familiar with threat characteristics and won’t have to wait until the network is under attack to respond effectively. Remote learning nodes placed at the edges of the network act as reconnaissance sensors, identifying threat attributes as part of an early warning system that enables proactive intervention.
For example, a playbook developed to thwart a particular malware strain would describe the malware’s infection process and its behavior after it infected a targeted device. Once that information is fed into AI-powered security fabrics, the system could automatically launch a variety of protective measures, such as blocking email attachments or IP addresses commonly associated with malware.
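As an added illustration of the playbook idea described above (this is example code, not Mainstream's or any SOAR product's), the sketch below encodes an adversary's TTP sequence as an ordered playbook, walks a stream of events per source host, and issues the playbook's response as soon as the first stages are matched in order, so the step that would follow (here, credential dumping) is cut off. The stage names, response label and sample events are constructed for the example.

```python
from typing import Dict, List, Tuple

# A playbook lists the attack stages in the order the adversary performs them
# and the response to take once enough of the sequence has been recognised.
# Stage names and the response label are constructed for this example.
PLAYBOOK = {
    "name": "credential-harvesting-bot",
    "stages": ["login_success", "network_scan", "credential_dump"],
    "response": "disable_account_and_block_ip",
}


def run_playbook(events: List[dict], playbook: dict,
                 trigger_after: int = 2) -> List[Tuple[str, str]]:
    """Track each source host's progress through the playbook stages.

    Events must arrive in the playbook's order to advance a host; out-of-order
    events are ignored. When `trigger_after` stages have matched, the response
    is recorded for that host and tracking stops, so later stages are not
    waited for. Returns a list of (host, action) decisions.
    """
    stages = playbook["stages"]
    progress: Dict[str, int] = {}  # host -> index of the next expected stage
    actions: List[Tuple[str, str]] = []
    for ev in events:
        host = ev["src"]
        nxt = progress.get(host, 0)
        if nxt >= len(stages):
            continue  # response already issued for this host
        if ev["type"] == stages[nxt]:
            nxt += 1
            if nxt == trigger_after:
                actions.append((host, playbook["response"]))
                nxt = len(stages)  # stop tracking; the next step is pre-empted
            progress[host] = nxt
    return actions


# Constructed sample events: one host follows the bot's sequence, another
# only logs in and should not trigger a response.
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "type": "login_success"},
    {"src": "10.0.0.9", "type": "login_success"},
    {"src": "10.0.0.5", "type": "network_scan"},
    {"src": "10.0.0.5", "type": "credential_dump"},
]

if __name__ == "__main__":
    print(run_playbook(SAMPLE_EVENTS, PLAYBOOK))
```

With the default `trigger_after=2`, the response fires on the network scan, before the credential dump that the playbook predicts next; raising it to 3 waits for the full sequence.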
On the Hunt
The use of playbooks and security automation enables a fundamental shift in cybersecurity practices. For years, security has been a reactive process designed to minimize the damage from attacks after they’ve occurred. Increased automation enables organizations to actively hunt for threats, using threat intelligence to find and disrupt threats in advance of an attack.
A proactive approach to threat detection will only become more valuable as organizations continue to blur the network perimeter. Cybercriminals are increasingly targeting edge networks, remote workers, cloud applications, IoT devices, and other resources that lack the robust security of core networks. Automated security solutions can regularly query these dispersed resources to identify potential threats as well as any configuration, patching, or upgrade requirements.
Conventional security measures requiring human interaction to respond to attacks after the fact are no longer practical. The scale, frequency, and sophistication of modern threats call for increased use of automation. Give us a call to learn more about building a smarter cybersecurity environment for your organization.
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.
Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile